Background on the DNS Changer Malware Attack

DNS (Domain Name System) is basically the phonebook of the Internet. To access information on the Internet, you need to go through a domain name like people.com or dailymail.co. The DNS servers allow computers to talk to each other by converting the domain names into numerical addresses. Without DNS, computer users would not be able to browse websites or connect to any Internet services.

Cyber criminals all over the world have infected millions of computers with malware called DNSChanger. DNSChanger lets these criminals control the DNS servers that infected computers use, so unsuspecting users are tricked into visiting fraudulent websites while thinking they are on a legitimate site.

A two-year FBI investigation led to the arrest of six Estonian nationals, including Vladimir Tsastsin, the owner of several Internet companies that have been closely associated with the malware community, and to charges that they ran an Internet fraud ring that infected millions of computers nationwide.

"Operation Ghost Click" was announced today in New York when a federal indictment was unsealed.

Janice Fedarcyk, assistant director of the New York FBI office, said the indictment “describes an intricate international conspiracy conceived and carried out by sophisticated criminals.” She added, “The harm inflicted by the defendants was not merely a matter of reaping illegitimate income.”

Beginning in early 2007, this malicious group used DNSChanger to infect nearly 4 million computers in over 100 countries, 500,000 of which were in the United States. These infections affected computers belonging to individuals, businesses, and even government agencies such as NASA.

They used this strain of malware, known as DNSChanger, to hijack victim computers and redirect their Web browsers to ads that generated pay-per-click revenue for the defendants and their clients. The criminals were able to manipulate Internet advertising to generate at least $14 million in illicit fees.

This has been dubbed the "Biggest Cybercriminal Takedown in History."

Prior convictions for Vladimir Tsastsin and his team of cyber criminals include credit card fraud, money laundering and forgery, among others. All six men were arrested and taken into custody this week by the Estonian Police and Border Guard.

Along with the arrest, government authorities seized computers and rogue DNS servers. The rogue servers have been replaced with legitimate servers.

The replacement servers will not remove the DNSChanger malware from infected computers. Users who believe their computers may be infected should contact a computer professional as soon as possible.